Skip to main content

Express Cart

2 CVEs product

Monthly

CVE-2021-32573 MEDIUM POC This Month

The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js XSS Express Cart
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2018-3758 npm HIGH POC PATCH THREAT This Week

Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal Express Cart
NVD
CVSS 3.1
8.8
EPSS
27.5%
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js XSS Express Cart
NVD
EPSS 27% CVSS 8.8
HIGH POC PATCH THREAT This Week

Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal Express Cart
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy